Re: All users can enter as one user "puser" without - Mailing list pgsql-admin

From Andrew G. Hammond
Subject Re: All users can enter as one user "puser" without
Date
Msg-id 1008579564.722.1.camel@xyzzy
Whole thread Raw
In response to All users can enter as one user "puser" without superuser priviledges: how?  (Jameson Burt <jameson@mnsinc.com>)
List pgsql-admin
On Mon, 2001-12-17 at 01:42, Jameson Burt wrote:
> I seek a simplistic access,
>
> 1. superuser "postgres" gets access when his system-name is "postgres",
>    but not otherwise [some security sought].
>    This can be done in pg_hba.conf with either
>       local all  peer sameuser
>       local all trust   #but anyone then gets "postges" access.
>
> 2. One other user, say "puser", gets access whatever his system-name.
>    The above
>       local all peer sameuser
>    disallows an arbitrary username entering as  "psql template1 -U puser".
>    One can use
>       host all 127.0.0.1 255.0.0.0 ident jimsmap
>    then have pg_ident.conf  with 1000 user entries like
>       jimsmap    jameson  puser
>    However, I seek a simpler method for numerous users,
>    each of whom will be granted access as user "puser".
>    ANY IDEAS?

Have each user log in from the same UNIX account.

Instead of trying to make all users into one user, which is almost never
a good idea, why not just use the PUBLIC concept in the database's
access control system?  Give each user their own userid, and GRANT
necessary access to PUBLIC.

--
Andrew G. Hammond     mailto:drew@xyzzy.dhs.org
http://xyzzy.dhs.org/~drew/
56 2A 54 EF 19 C0 3B 43 72 69 5B E3 69 5B A1 1F
613-389-5481
5CD3 62B0 254B DEB1 86E0  8959 093E F70A B457 84B1
"To blow recursion you must first blow recur" -- me

Attachment

pgsql-admin by date:

Previous
From: Jameson Burt
Date:
Subject: All users can enter as one user "puser" without superuser priviledges: how?
Next
From: marc@oscar.eng.cv.net (Marc Spitzer)
Date:
Subject: How do I vacuum safely? And how often should I reindex a table?